Trust Services Report for Service Organizations
SOC 3sm reports are designed to meet the needs of uses who want assurance on the controls at a service organization related to security, availability, processing integrity, confidentiality, or privacy but do not have the need for or the knowledge necessary to make effective use of a SOC 2sm report. These reports are prepared using the AICPA/ CPA Canada (formerly Canadian Institute of Chartered Accountants) Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy. Because SOC 3sm reports are general use reports, they can be freely distributed.
SysTrust and SOC 3 SysTrust for Service Organization Seals
The Systrust and SOC 3 SysTrust for Service Organizations seal programs have been discontinued. The cessation of the seal programs have no impact on the performance of Trust Services /SOC 3 engagements or the issuance of Trust Services/SOC 3 reports by practitioners. Practitioners and service organizations looking to market its SOC 3 engagements should use the AICPA SOC logo.
The Profession has experience significant growth in the market for attestation services in the area of systems reliability and service organization controls and we will continue to maintain the underlying Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality and Privacy. Moreover, the AICPA is in the process of revising the Trust Services privacy criteria, exposure of the revised criteria is expected to be issued 1st quarter 2015 and plans on developing a Trust Services/SOC 3 Guide, similar to the SOC 1 and SOC 2 Guides, to aid practitioners in the performance and reporting of Trust/SOC 3 engagements and to ensure the effectiveness of these services over time.